Upstox suffers data breach
Brokerage firm says users data is safe as it upgraded security system
image for illustrative purpose
New Delhi: After admitting a data breach affecting its users, leading stock brokerage firm Upstox has said that the financial data of its users is completely safe.
Claiming that the funds and securities are protected and remain safe, the Tiger Global-backed company said it has upgraded the security systems, based on the recommendations of a global cyber-security firm.
"We brought in the expertise of this globally renowned firm after we received emails claiming unauthorised access into our database. These claims suggested that some contact data and KYC details may have been compromised from third-party data-warehouse systems," the company said in an earlier statement on Sunday. "As a matter of abundant caution, we have also initiated a secure password reset via OTP," the company added.
According to independent security researcher Rajshekhar Rajaharia, this might be the work of ShinyHunters involved in couple of hacking of Indian firms. The breached database includes bank account details, mobile numbers, pictures of users' signature, Aadhaar, PAN and passport etc, he claimed. According to Rajaharia, the Upstox dataset includes data of 2.8 million users, including 56 million KYC files. Ravi Kumar, Co-founder and CEO, Upstox, said the company takes security and privacy very seriously. "While we have already reported this incident to the relevant authorities, we deeply regret any inconvenience this may have caused you," Kumar said.
According to Sonit Jain, CEO, GajShield Infotech, in a rush to scale their business, many a times, enterprises do not focus on data security. "Being aware of where customer data is located and protecting it, is a must for every organisation, however big or small they maybe. Data security should not be a one-time effort, enterprises need to have a real time visibility to their threat surface and data flows," Jain said.